ZENworks Application 2017 Update 4 January 2019


1 Documentation Updates

This section contains information on documentation content changes that were made in ZENworks Configuration Management (ZENworks Application). The information can help you to keep current on updates to the documentation. The documentation was updated on the following date:

2 Overview

ZENworks Application (ZAPP) leverages the capabilities of a unified endpoint management solution to provide an enhanced user experience, while using the same functionality as that of the old Novell Application Launcher (NAL) window. The features include:

- A brand new user interface that serves as a single place for all ZENworks end user functionality on Windows.
- An integrated search to help you find the app of your choice. The search includes full and split pattern matching by name, description, and contact information.
- A new branding policy that enables your organization to customize certain aspects of the ZENworks Application based on your own branding requirements, such as the ZAPP icon, wallpaper, and color.
- You can pin and unpin bundles to the Desktop, Taskbar, and Start menu tiles.
- An improved user experience, including remote assistance for end users from the ZAPP window. You do not need to go to the ZENworks system tray icon; you can click the menu from ZAPP itself to request remote assistance.

This document includes the following:

- Section 2.1, "Launching ZAPP"
- Section 2.2, "Logging into ZENworks"
- Section 2.3, "Launching help"
- Section 2.4, "About ZENworks"
- Section 2.5, "Launching ZAPP using the Command Line Switches"
- Section 2.6, "Launching Technician Application"
- Section 2.7, "Refreshing the Agent"
- Section 2.8, "Checking for Updates"
- Section 2.9, "Changing the Password"
- Section 2.10, "Submitting the Collection Data Form"
- Section 2.11, "Security Locations"
- Section 2.12, "Searching bundles and folders"
- Section 2.13, "Viewing bundles and folders using the icons"
- Section 2.14, "Viewing the bundle progress status"
- Section 2.15, "Requesting for remote assistance"
- Section 2.16, "Viewing and using the bundle actions"
- Section 2.17, "Cleaning up the Bundle Shortcuts"
- Section 2.18, "Accessing options through shortcuts"
- Section 2.19, "Creating ZAPP as Shell"
- Section 2.20, "Important information about bundles behavior in Windows 7 Start menu"

IMPORTANT: If NALWIN is configured as Shell, then during upgrade ZAPP will replace NALWIN.

The administrator can enable or disable the Refresh, Progress status, Sign in, Technician Application, ZENworks icon, and Remote assistance options for users to access.

2.1 Launching ZAPP

You can launch ZAPP by using any of the following options:

- Click the ZENworks icon in the system tray.
- Start > Novell ZENworks > ZENworks Application.
- Start > Run, then type zapp-launcher.

2.2 Logging into ZENworks

To log into ZENworks, use either of the following:

- Right-click the ZENworks icon and click Sign in.
- Select the Hamburger menu and click Sign in.

2.3 Launching help

You can launch ZAPP help by using any of the following options:

- Select the Hamburger menu and click Help.
- On the system tray, right-click the ZENworks icon and click Help.

2.4 About ZENworks

You can view ZENworks details such as build version, agent version, configuration location, device name, and user name: select the Hamburger menu and click About ZENworks.

2.5 Launching ZAPP using the Command Line Switches

Open the command prompt and execute the zapp-launcher command. By default, ZAPP-Launcher is started from the Run registry keys. For example, to disable the Close option for ZAPP, append the /s option to the following registry keys:

For 32-bit Operating Systems:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ZAPP=C:\Program Files (x86)\Novell\Zenworks\bin\zapp-launcher.exe /runonce /s
Or
ZAPP=%zenworks_home%\bin\zapp-launcher.exe /runonce /s
Registry key Type: REG_EXPAND_SZ

For 64-bit Operating Systems:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
ZAPP=C:\Program Files (x86)\Novell\Zenworks\bin\zapp-launcher.exe /runonce /s
Or
ZAPP=%zenworks_home%\bin\zapp-launcher.exe /runonce /s
Registry key Type: REG_EXPAND_SZ

IMPORTANT: If ZAPP is already running and you want to launch it again with other command line parameters, kill all instances of ZAPP and then execute zapp-launcher with the new parameters. Command line parameters set before an agent update are retained after the agent is updated.

The following command line switches can be used when starting the ZENworks Application Window using zapp-launcher:

/?: Displays Help. If ZAPP is launched with invalid parameters, help is displayed. Example: zapp-launcher /?

/max: Displays the ZENworks Application window maximized when first loaded, overriding the window state (size and position) that was saved when exiting the previous ZENworks Application window session. Example: zapp-launcher /max

/min: Displays the ZENworks Application window minimized when first loaded, overriding the window state (size and position) that was saved when exiting the previous ZENworks Application window session. Example: zapp-launcher /min

/norm: Displays the ZENworks Application window in its original state when first loaded, and maintains the window state (size and position) that was saved when exiting the previous ZENworks Application window session. Example: zapp-launcher /norm

/runonce: This switch is used for internal purposes and is located at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Ensure that you do not delete it.

/s: Enables the ZENworks Application window to behave like the Windows shell. For example, on the Hamburger menu, the standard Windows Power Options are displayed. The Close option is not available. This is not a true replacement for the Windows shell: if users minimize the ZENworks Application window, they have access to the normal desktop. Example: zapp-launcher /s

/d: Displays the ZENworks Application window without the Help option on the Hamburger menu and System Tray, so you cannot view the help. Example: zapp-launcher /d

2.6 Launching Technician Application

From the ZENworks 2017 release, the Show Properties menu is renamed Technician Application. To launch Technician Application:

1 Right-click the ZENworks icon and click Technician Application.

2.7 Refreshing the Agent

You can refresh the agent by using any of the following options:

- Select the Hamburger menu and click Refresh.
- Click the Refresh icon in the status bar.
- Right-click the ZENworks icon and click Refresh.

2.8 Checking for Updates

You can check for any ZENworks software updates by using the following option: right-click the ZENworks icon and click Check for Updates.

On server class machines, the Check for Updates option is displayed only if the active session is a console session. It is not allowed in Remote Desktop Protocol (RDP) sessions on server class machines, because multiple users can log in and this option can affect the other sessions. So, if the user logs out from the console session and logs in with RDP, the process is launched but the menu is not displayed.

2.9 Changing the Password

You can change the password by performing the following:

1 Right-click the ZENworks icon and click Change Password.
2 On the Change eDirectory Password page, specify the following information:
   Old Password: The current password.
   New Password and Confirm Password: The new password for logging into the application.
3 Click OK.

2.10 Submitting the Collection Data Form

To schedule regular inventory scans on your device, your administrator creates a collection data form to gather additional information from you. The information requested in the data form is determined by your administrator. To specify the data:

1 Right-click the ZENworks icon and click Collection Data Form.
2 Specify the required information and click Submit.

2.11 Security Locations

The current security location determines the security policies being applied to your device. It is available only if an administrator has configured security locations.

2.11.1 Viewing the Current Security Location

To view the current location:

1 Right-click the ZENworks icon, then click Security Location. The current location is identified by a check mark.

2.11.2 Changing Security Locations

You can change security locations only if additional locations are available. When you change security locations, the ZENworks Agent applies the security policies associated with the new location. You should exercise caution when manually changing locations to ensure that you do not compromise your system's security.

1 Right-click the ZENworks icon in the notification area, click Security Location, then click the new location.

2.12 Searching bundles and folders

The Search option enables you to search for the required bundles and folders by name, description, and contact information. Even if a particular folder is selected, the search is performed across the whole application.

2.13 Viewing bundles and folders using the icons

The following views are available:

- Icon View: displays icons of bundles and folders.
- Detailed View: displays folders and bundle information such as name, version, and status. You can sort the bundles as required.
- Toggle Tree View: displays and hides the left pane folder view.

2.14 Viewing the bundle progress status

From the ZENworks 2017 release, the Show Progress menu is renamed View Progress. To view the bundle progress status:

1 Select the Hamburger menu and click View Progress.

In the Progress Status you can retry on bundle failure, and pause and resume while downloading bundle content. You can also clear the bundle progress by right-clicking the progress status and clicking Clear.
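As an added example that is not part of this documentation or of the ZENworks product, the following PowerShell audit reads the ZAPP Run entries described in Section 2.5 and reports which zapp-launcher switches they carry, whether the value type is the required REG_EXPAND_SZ, and whether the launcher path is one of the two documented install locations. The Run keys are a common persistence location, so a read-only check that the entry still points at the expected binary with the expected switches is a reasonable item for a managed-device baseline. The value name ZAPP, the two key paths, the two launcher paths and the switch list come from Section 2.5; the function names, the treatment of zenworks_home as an environment variable, and the decision to flag any other launcher path or undocumented switch are assumptions of this example.

```powershell
# Added example (not from the ZENworks documentation): read-only audit of the
# ZAPP Run entry from Section 2.5. Assumes the value name "ZAPP" and the two
# documented launcher locations (%ProgramFiles(x86)%\Novell\Zenworks\bin and
# %zenworks_home%\bin). Everything else about the check is an assumption.

$KnownSwitches = @('/?', '/max', '/min', '/norm', '/runonce', '/s', '/d')

function Get-ZappRunEntry {
    param(
        [string[]]$RunKeys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
        ),
        [string]$ValueName = 'ZAPP'
    )
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        if ($regKey.GetValueNames() -notcontains $ValueName) { continue }
        # Raw (unexpanded) data shows whether %zenworks_home% is used; the value
        # kind shows whether it is the REG_EXPAND_SZ the documentation requires.
        [pscustomobject]@{
            Key      = $key
            Kind     = $regKey.GetValueKind($ValueName)
            Raw      = $regKey.GetValue($ValueName, $null,
                           [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            Expanded = $regKey.GetValue($ValueName)
        }
    }
}

function Test-ZappRunEntry {
    param([Parameter(Mandatory)]$Entry)
    $findings = @()
    $cmd = [string]$Entry.Expanded

    # The documented value is unquoted although the path contains spaces, so
    # locate the executable name rather than splitting the string on whitespace.
    $marker = 'zapp-launcher.exe'
    $idx = $cmd.IndexOf($marker, [System.StringComparison]::OrdinalIgnoreCase)
    if ($idx -lt 0) {
        return [pscustomobject]@{ Key = $Entry.Key; Ok = $false; Switches = @()
                                  Findings = @('value does not launch zapp-launcher.exe') }
    }
    $exe      = $cmd.Substring(0, $idx + $marker.Length)
    $switches = @($cmd.Substring($idx + $marker.Length) -split '\s+' | Where-Object { $_ })

    if ($Entry.Kind -ne [Microsoft.Win32.RegistryValueKind]::ExpandString) {
        $findings += "value type is $($Entry.Kind); documentation requires REG_EXPAND_SZ"
    }

    # Accept only the two install locations the documentation gives (assumption:
    # anything else is worth a look, even if it is a legitimate custom install).
    $allowed = @()
    if (${env:ProgramFiles(x86)}) { $allowed += (Join-Path ${env:ProgramFiles(x86)} 'Novell\Zenworks\bin') }
    if ($env:zenworks_home)       { $allowed += (Join-Path $env:zenworks_home 'bin') }
    $inAllowed = $allowed | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }
    if (-not $inAllowed) { $findings += "launcher path is outside the documented install directory: $exe" }
    if (-not (Test-Path -LiteralPath $exe)) { $findings += "launcher not found on disk: $exe" }

    # Section 2.5 says /runonce must not be removed, and lists the valid switches.
    if ($switches -notcontains '/runonce') { $findings += '/runonce is missing; the documentation says not to delete it' }
    foreach ($sw in $switches) {
        if ($KnownSwitches -notcontains $sw) { $findings += "undocumented switch: $sw" }
    }

    [pscustomobject]@{
        Key        = $Entry.Key
        Ok         = ($findings.Count -eq 0)
        ShellMode  = ($switches -contains '/s')   # Close option disabled (Section 2.5)
        HelpHidden = ($switches -contains '/d')
        Switches   = $switches
        Findings   = $findings
    }
}

# Usage: reading HKLM\...\Run needs no elevation; nothing is written.
Get-ZappRunEntry | ForEach-Object { Test-ZappRunEntry -Entry $_ } | Format-List
```

On a device where the administrator has deployed the entry exactly as documented, the output shows Ok set to True, ShellMode set to True when /s was appended, and an empty Findings list; a non-empty Findings list (a value type other than REG_EXPAND_SZ, a launcher outside the documented directories, a missing /runonce, or a switch the documentation does not list) is the signal to compare the entry against the intended configuration.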